You can do it with WS2003 R2:
How do you lot prevent kids from saving unwanted files to they're homedrives?
At present I just delete certain files when they logoff but this isnt stopping them doing it
Also finding that they are storing them in ZIP files and extracting them the next time they log in
But have now added that to the delete.bat file
You can do it with WS2003 R2:
(not that I have, just that I know you can!)
I have a new R2 file server ready to implement for these purposes in the holidays
We set up software restriction policies that stop pupil/staff from running executables from their my documents area's and local/removable drives. It doesnt stop them copying files into these areas but we're found that as soon as users realise they cant run files they copy into these areas it stops them from doing it.
Never realised that 2003 could do this. Handy to know it can filter file types in shares! (though unfortunately our main file servers are still 2000)
If anyone wants any advice on how to set up Software Restriction Polcies you can PM me :!:
Only the R2 version can do the filtering.Originally Posted by flyinghaggis
w00t! i have a new R2 server to build over summer
I installed it and it seems to work pretty well.
It would have been nice for Microsoft to create a different error message when they try and save it though rather than the access denied. I can see them thinking its a problem with the network rather than they doing something wrong.
Also, how long will it be before they realise they can could just change the file extension to make them work. Interent filtering will stop them downloading them but they could still bring them in on USBs.
Can the *nixers describe how they would do something similar. I know you can have non-excutable mounts or filesystems.
I more interested in stopping things like launching MOVs and MP3s from home areas but allowing teaching resources in a shared reference area.
Im no expert and I may have this wrong but I remember someone mentioned this once to do with samba and using the veto directive/function/thingerydufferemy.
Is that anything to do with foomatic filters
I'm just implementing this on our test system at the moment, and it's working brilliantly. Hopefully I'll be enabling this on the live system over the summer holiday.Originally Posted by flyinghaggis
Sorry, missed this thread the first time round for some reason. Anyway there's two ways depending on the situation:Originally Posted by NetworkGeezer
1) if your in a native linux enviroment, then you set the /home to be a seperate mount point. This is likely anyway for quota support. You must use the noexec, nodev and nosuid to prevent user naughtyness. (If you interested in furtuer mount options look at this thread on the Linux Elitists mailing list[/url]). Linux has no concept of 'file extensions' of course.
2) If your using Samba on a linux box as a fileserver you can use a file extension filter on a per share basis. You can do this with the 'veto files' option. For example, to ban mp3s:
Code:[homes] comment = Home Directories browseable = no writable = yes veto files = /*.mp3/*.MP3/
I've used TrustNoExe to stop executables that works pretty well.
Kids are now running .SWFs tho' which is a royal pain. Looks like upgrading to 2003 R2 is the only answer - unless anyone knows different?
If you use software restriction policies in GPOs you can decide what counts as an executable.Originally Posted by mark
There are currently 1 users browsing this thread. (0 members and 1 guests)